Thank you for visiting Cyber Matters. In this blog we aim to discuss issues relating to cyber security, with brief articles that don’t get carried away with too much technical detail.
We operate in an industry in which a lot of over-hyped nonsense is discussed, as well as some really important issues. In Cyber Matters we aim to cut through this and get straight to the point in an easy-to-understand way. Our bloggers are free to talk about any area relating to Cyber Security, Computer Security, Information Security or whatever term you prefer to use.
We welcome your views – please contribute to the discussion by way of comments on our articles.
- The Insecurity of the Internet of Things
- Validating the Payload
- Cyber Threat Glossary – By Example
- Why have I got an Intruder Alarm?
- Secure Delivery of a Payload via a Protocol Break
- Cyber Threat Glossary – By Example - As more and more people talk about security, I hear the terms threat, vulnerability, mitigation and risk used, often in what I believe is the wrong context. There are lots of attempts to define the terms, write taxonomies etc. There is little point in duplicating this; however, here is how I think about the terms…
- No, Shellshock does not defeat SELinux - A week is a long time in Cyber Security. These past few weeks you may have heard about the latest ‘big vulnerability’, dubbed ShellShock. If you haven’t, or want more information on it, I direct you to the best authority I know: Wikipedia.
- UK Public Procurement Policy Note 09/14 - Now that’s a catchy headline to get your attention! What does it mean, and why blog about it on Cyber Matters? In short, the policy note published by the Cabinet Office today (Sept 26 2014) says that from October 1st, the Cyber Essentials Scheme is mandatory:
- Diodes are Diodes, Guards are Guards - Over the last 3-5 years Data Diodes have grown in popularity as a solution for moving data between isolated networks. With this has come creative marketing to leverage the term ‘Diode’ for solutions that are anything but. Let’s just take a few moments to revise some of the fundamental modes of secure information exchange.
- Changing 40+ Passwords: Thanks Heartbleed - Following the Heartbleed revelations, the security advice from the great and good was to change all passwords. To support World Password Day, I changed over 40 of them – quite an interesting exercise. Alarmingly, it appears I am still vulnerable.
- A Brief Introduction into Threat Analysis - The purpose of this blog piece is to introduce the concept of threat analysis, what it is and why it’s a good idea, while at the same time presenting a simple and effective way to try it yourself. It is part of a blog series on the development approach at Nexor.
- Prehistory of LDAP - It all started in the basement of the Computer Science department of University College London in about 1988. I was working alongside Paul Sharpe, then of GEC, who was working on user agents on the Thorn project.